NSA Releases Latest Bulk Records Renewal Order On Same Day It Scores Win In DC Circuit Court Of Appeals

from the also:-normal-Friday-afternoon-document-dump dept

The FISA Court has approved another three-month extension of the NSA's phone metadata collection, allowing the agency to run out the clock on the USA Freedom Act-triggered "transition period" with no additional stipulations attached. The transition will apparently be "business as usual" right up to the expiration date (Nov. 29, 2015), at which point everything will suddenly be compliant with the new law.

Until that date, the NSA will still collect (and store) phone metadata in bulk. The only limitation in place at this point dates back to February 2014 -- when searches of the data haul were limited to court-approved "selectors" backed by reasonable, articulable suspicion.

The joint statement issued by the Office of the Director of National Intelligence (ODNI) and the DOJ discusses the impact of the USA Freedom Act extensively but makes no mention of court decisions or legal challenges possibly affecting the current collection of phone records in bulk. The FISA court order does mention ongoing lawsuits with implications on the collection as implemented, but simply orders the government to inform it of any changes it may need to make to the renewal order if a decision alters the bulk collection playing field.

The case that most threatened the current bulk collection was conveniently eliminated by the DC appeals court with oddly coincidental timing.

The appeals court decision was published on August 28th. On August 27th, the previous bulk records order expired. The new order commenced on the same day as the publication of the DC court's opinion -- which eliminated the possiblity of an injunction. This occurred nearly 9-1/2 months after arguments were heard from the court (Nov. 14, 2014) more than 18 months after the case was appealed. Synergistically, the court decided to file and publish its decision in favor of uninterrupted bulk collection the same day the NSA's renewal order kicked in.

This suggests the NSA leaned on the administration and the administration leaned on the court. I wouldn't go so far as to suggest the administration influenced the opinion, but it would seem to have been instrumental in the timing of the decision's release.

Filed Under: bulk records, fisa court, fisc, mass surveillance, nsa, patriot act, phone records, renewal, surveillance, usa freedom

Chris Christie So Obsessed With Increasing Surveillance He Pretends He Was A Fed On 9/11 Even Though He Wasn't

from the the-lies-your-politicians-tell dept

Other than when News Corp. used copyright to takedown its own feed from last night's GOP Presidential debates, there really wasn't much that was Techdirt-related. The only other significant moment was a bit of a debate between Chris Christie and Rand Paul concerning the NSA and government surveillance. As we've discussed before, Christie is a big time surveillance state supporter. He's argued that anyone opposed to NSA surveillance is guilty of "dangerous" thinking, has said that civil liberties worries about the NSA are "baloney" and has argued that Rand Paul is responsible for any future terrorist attacks, after Paul suggested that we shelve parts of the PATRIOT Act and obey the 4th Amendment.

The debate question focused specifically on Christie's comments that Rand Paul should be forced to appear in hearings before Congress if there's a future terrorist attack, to explain why he opposed greater surveillance. Reason summarized the back-and-forth:

“I will make no apologies ever for protecting the lives and the safety of the American people,” said Christie. “We need to give more tools to our folks to be able to do that, not fewer, and then trust those people and oversee them to do it the right way. As president, that’s exactly what I will do.”

Paul shot back immediately.

“I want to collect more records from terrorists, but less records from innocent Americans,” said Paul. “The Fourth Amendment was what we fought the Revolution over. John Adams said it was the spark that led to our War for Independence. I’m proud of standing for the Bill of Rights and I will continue to stand for the Bill of Rights.”

Christie insisted that Paul had given a “ridiculous” answer, since there is no way to tell the terrorists apart from the innocent American citizens. Paul responded that the way to discern the difference is to ask a judge for a warrant.

“I’m talking about searches, without warrants, indiscriminately of all American’s records, and that’s what I fought to end,” said Paul.

But there was one very odd moment at the very beginning, before the exchange above. Christie noted that he was appointed to his former job as a US Attorney on September 10th of 2001:

MEGYN KELLY: Do you really believe you can assign blame to Senator Paul just for opposing he bulk collection of people’s phone records in the event of a terrorist attack?

CHRISTIE: Yes, I do. And I’ll tell you why: because I’m the only person on this stage who’s actually filed applications under the Patriot Act, who has gone before the federal — the Foreign Intelligence Service court, who has prosecuted and investigated and jailed terrorists in this country after September 11th.

I was appointed U.S. attorney by President Bush on September 10th, 2001, and the world changed enormously the next day, and that happened in my state.

This is not theoretical to me. I went to the funerals. We lost friends of ours in the Trade Center that day. My own wife was two blocks from the Trade Center that day, at her office, having gone through it that morning.

I found that interesting, because I didn't know that. And perhaps the reason I didn't know that is that it's complete bullshit. As Marcy Wheeler points out on Emptywheel, Christie was actually nominated months later, with the announcement that he was going to be nominated released on December 7th, 2001

The President intends to nominate Christopher J. Christie to be United States Attorney for the District of New Jersey. Christie has been a partner with Dughi, Hewitt and Palatucci of Cranford, New Jersey since 1987. He is a graduate of the University of Delaware and Seton Hall University School of Law.

Christie took office in January 2002.

Also, it's the Foreign Intelligence Surveillance Court, not the Foreign Intelligence Service Court, as he says -- but that's the kind of thing that is probably a forgivable mistake in such a setting. But arguing that you were appointed months before you actually were seems like a pretty blatant lie and one you wouldn't make without deliberately seeking to mislead people. As Wheeler also points out, Christie's own official bio notes that he "was named U.S. Attorney for the District of New Jersey in 2002."

Also, for all his talk about he went before the court whose name he couldn't get right, that's actually not how it works. US Attorneys don't do that (others in the DOJ do it instead). Wheeler further points out that if what Christie implies is true, then he may have been making use of illegal wiretaps during his time on the job -- so perhaps that's why he doesn't want more scrutiny of the program:

Christie implies he was involved in the dragnet in question. He was US Attorney from January 2002 to December 2008 — so he in fact would have been in office during the two years when the phone dragnet worked through the Servic–um, Surveillance court, and four years of the Internet dragnet. But if, as he implies, he was involved in the dragnet for the entire span of his tenure — and remember, there were huge cases run out of Trenton right out of 9/11 — then he was also using the fruits of illegal wiretapping to do his job. Not Servic — um, Surveillance court authorized dragnets and wiretaps, but also illegal wiretaps.

Which may explain why he’s so invested in rebutting any questions about the legitimacy of the program.

Remember, when people have actually looked more closely at Christie's high profile cases, such as the Fort Dix Five, it was revealed as a totally bogus manufactured plot, in which it appears Christie pushed trumped up charges against a set of brothers who didn't seem to have anything to do with a terrorist plot at all.

Filed Under: 9/11, chris christie, debate, fisa court, fisc, lies

FISA Court Authorizes 'As-Is' Bulk Phone Collections For The Next Six Months

from the 'six-months-same-as-Patriot-Act'-civil-liberties-fire-sale! dept

"The more things change, the more everything is just Smith v. Maryland (1979)."

Or so the FISA Court notes in its latest order authorizing the continued collection of bulk phone records under… well, not Section 215, which expired, but under a "non-hyper-literal evil genie" reading of the contradictory forces temporarily in play thanks to the passage of the USA Freedom Act.

"Plus ça change, plus c'est la même chose," well, at least for 180 days. This application presents the question whether the recently-enacted USA FREEDOM Act, in amending Title V of FISA, 2 ended the bulk collection of telephone metadata. The short answer is yes. But in doing so, Congress deliberately carved out a 180-day period following the date of enactment in which such collection was specifically authorized. For this reason, the Court approves the application in this case.

The order notes that there was much more to consider in this renewal application. It nods to the expiration of Section 215 on May 31st and its brief return to its pre-Patriot Act form for roughly 24 hours before the passage of USA Freedom pushed the expiration date up until 2019. It notes the legal challenges brought against the bulk collection by Ken Cuccinelli and FreedomWorks, as well as the stipulations added to the collection by the surveillance reform bill.

The order denies Cuccinelli/Freedomworks' request to shut down the bulk collection entirely but does grant their request to serve as amicus curiae -- a new position provided for by the USA Freedom Act. This, however, is limited solely to motions already presented to the court by FreedomWorks and Center for National Security Studies. And the FISA Court finds the opposition to the government's claim of 180 days' worth of uninterrupted, unaltered bulk collections to be lacking in merit. The culprit is (partially) the USA Freedom Act itself.

The USA FREEDOM Act prohibits the FISC from issuing an order for production of tangible things without the use of a "specific selection term." USA FREEDOM Act§ 103(b), amending FISA § 501(c). This amendment and the related amendments set forth in sections 101 through 103 of the USA FREEDOM Act prohibit the government from acquiring tangible things in bulk under a FISA business records order. Crucially for purposes of this case, however, section 109(a) of the USA FREEDOM Act states that these amendments do not take effect until 180 days after enactment (November 29, 2015).

[...]

And if that was not clear enough, the USA FREEDOM Act also states that "[n]othing in this Act shall be construed to alter or eliminate the authority of the Government to obtain an order [under the business records provisions of FISA] as in effect prior to [the ban on bulk acquisition taking effect after 180 days]." USA FREEDOM Act §109(b). In passing the USA FREEDOM Act, Congress clearly intended to end bulk data collection of business records and other tangible things. But what it took away with one hand, it gave back - for a limited time - with the other.

The rest of the order is given over to dismissing a handful of other legal challenges to the bulk collection program, including the Second Circuit Court's finding that the program -- in its current form -- is not actually authorized by law.

The FISA Court, however, finds the appeals court's analysis "flawed" and reliant on "mischaracterizations." While the Second Circuit found the program "had no endpoint," the FISA Court claims the USA Freedom Act gives it one: November 29, 2015. This is the FISA Court shifting back into "hyper-literal evil genie" mode. The Section 215 collection has always had an "endpoint." It's just always been renewed by Congress, up until 2015's expiration, which was more a result of Snowden's leaks than an autonomous decision to give the program a true endpoint. Without a doubt, the modified collection will go through the same cycle of endless renewals.

The government's access to American phone records is never going to end completely, not as long as the government and FISA Court continue to rely on the Third Party Doctrine, as defined by the 1979 Smith v. Maryland decision. The FISA order refers to this decision repeatedly in its justification of ongoing bulk collections, either in pre-USA Freedom Act form or with the new limitations in place. As long as the government can rely on this large Fourth Amendment loophole, domestic surveillance in the form of bulk collections (as well as subpoena and National Security letter abuse) will continue. There is effectively no "endpoint" for these collections, as the Second Circuit pointed out.

The only thing "correct" about the FISA Court's analysis of these collections -- including the convenient elasticity of the term "relevant" -- is that a new Fourth Amendment privacy right doesn't simply spring into existence because these programs harvest information on millions of Americans. If the government -- and the courts -- aren't willing to extend protections to certain "business records" for an individual, the same lack of protection remains in place when it's hundreds of thousands who are affected.

For what it's worth, Section 215 (now Section 501) will no longer be collected and stored by the NSA after this six-month wind-down. These records will reside with telcos and be returned only in exchange for specific searches based on "reasonable articulable suspicion."

Unfortunately, this order doesn't bode well for the newly-created position of amicus curiae. Everything examined here in ad hoc, interim form is dismissed completely by FISA judge Michael Mosman. Barring a Supreme Court examination of bulk domestic collections or a revisiting of the issues central to Smith v. Maryland, arguing the public's case against bulk harvesting is going to be an exercise in futility.

Filed Under: bulk collection, fisa, fisa court, fisc, patriot act, phone records, section 215

Missing Document From FISA Court Docket Suggests Yet Another Undisclosed Bulk Records Program

from the given-the-preponderance-of-spy-programs,-why-not dept

The thing about transparency is that it's not just about what you reveal. It's also about what you choose to keep hidden. In the ongoing docket for the government's 2015 bulk records requests, there appears to be a missing document.

BR 15-75 (BR = "business records," "15" = 2015) -- the government's request to have 180 days' worth of "business [records] as usual" collections before the limitations of the USA Freedom Act kick in -- is present. So is the opinion addressing the repercussions of the passage of USA Freedom, which is denoted as "BR 15-77, BR 15-78." But where -- and what -- is BR 15-76?

Patrick Toomey at Just Security has a theory:

It’s hard to be certain, but it’s likely that BR 15-76 is an application to restart the phantom CIA bulk financial records program or another undisclosed bulk collection program. Beginning in late 2013, multiple outlets reported on the CIA’s bulk collection of Americans’ international money transfer records from companies like Western Union and Moneygram. Other outlets stated at the time that the CIA program overlapped significantly with efforts to collect “financial transaction data” by both the NSA and the Treasury Department. And according to the New York Times, beyond the CIA program, several officials “said more than one other bulk collection program has yet to come to light.”

If Toomey is correct, I wonder how long said "undisclosed program" will remain undisclosed. Others have come to light over the years, including the DEA's concurrent collection of domestic phone records, something it apparently ditched to give the DOJ only "one" bulk records collection to defend publicly.

Previous to the post-Snowden era of begrudging transparency, omissions are no longer going to go unnoticed. In the discussion of the BR 15-77,78 opinion, it was noted that no order was attached, meaning the government has presumably not yet received a go-ahead from the court on phone metadata. Ever since the Office of the Director of National Intelligence engaged Transparency Mode, the FISA Court has regularly delivered orders and opinions on the NSA's bulk collection activities. While some orders have been shortly delayed, there's never been a complete omission, nor this long of a gap between expiration of a previous order and a reinstatement of the collection request.

Now that the FISC is playing along with the new transparency, omissions of any sort are simply unacceptable. As Toomey states, if this missing paperwork is related to another bulk records collection (possibly one authorized under pre-Patriot Act stipulations), it's not acceptable that the government has chosen to withhold it from the public. The public doesn't have less right to know about the harvesting of its records simply because said program hasn't been forced out into the open yet.

Filed Under: bulk records, docket numbers, fisa court, fisc, patriot act, section 215, surveillance, transparency, usa freedom act

FISA Court Tackles Section 215 Mess, Public Advocates In New Opinion

from the bulk-collection-paused? dept

The FISA Court has released its opinion on the interim Section 215 collection activities. The government argued that it was owed six months of uninterrupted, plain vanilla Patriot Act collections, as provided for in the USA Freedom Act. While the new law significantly alters the NSA's collection methods, it was given 180 days to transition to an off-site "collection," housed by telcos and responsive only to targeted searches.

But a few points were still unclear. First, Section 215 did actually expire on May 31st. Only the passage of the USA Freedom Act prevented it from going completely dead, and even so, it's no longer a bulk collection. Second, the Second Circuit Court found the collection was illegal under current law. This finding has very limited jurisdiction, of course, and the appeals court has no control over the FISA Court. The FISC can consider this opinion (and it has), but the question of the legality of this bulk collection is still mostly unsettled.

Third, the USA Freedom Act provides for the appointment of five people to argue on behalf of the public and potential surveillance targets. The new order tackles this new stipulation… sort of. First of all, however, the FISA Court has the unenviable task of sorting out the numerous conflicts caused by the sunset of Section 215, and its almost immediate sunrise in mutated form, thanks to the provisions of the passed-at-the-last-minute USA Freedom Act.

Julian Sanchez at Just Security points out the FISC had a couple of options when interpreting the new law, the old law and various other legal questions.

Since reading USA Freedom as amending the post-sunset law would result in legal gibberish, in other words, the FISC reads the law as doing what Congress very obviously intended for it to do, not what a hyper-literal evil genie might read it as doing.

The opinion appears to authorize old-school Section 215 bulk collecting during the 180-day winddown. [As pointed out by Julian Sanchez, the opinion "pointedly" does not authorize this. What it does is provide for the collection as amended by the USA Freedom Act, which obviously isn't the same thing, and isn't how the government has interpreted the 180-day transition period.) What's more interesting is the order's discussion of the brand new advocates that will finally bring an adversarial presence to the court. Sanchez notes the FISC could have simply ignored this stipulation until after the 6-month temporary reauthorization was completed and USA Freedom's version of Section 215 kicked in. But it didn't. However, that doesn't exactly mean it's welcoming the additional arguments and scrutiny. In this opinion, the FISC rubberstamps itself.

First, it understatedly notes that things are all kinds of screwed up at the moment.

Although the statutory framework is somewhat tangled, the choice before the court is actually very clear and stark: as described below, it can apply well-established principles of statutory construction and interpret the USA FREEDOM Act in a manner that gives meaning to all of its provisions, or it can ignore those principles and conclude that Congress passed an irrational statute with multiple superfluous parts.

Having issued its mildly derogatory assessment of Schrödinger's Bulk Collection, the FISA Court moves on to declare that, despite the multiple legal entanglements and legislative changes, this particular request is so straightforward -- and its precedent sufficiently clear -- there's no need to ask a second opinion.

Under the circumstances, it does not appear that the assistance of an amicus curiae would materially assist the court in making that decision. The court therefore finds that it is "not appropriate" to appoint an amicus curiae in this matter, within the meaning of 50 U.S.C. §1803(i)(2)(A).

This would, of course, be the statute cited by the Second Circuit Court as not allowing for the bulk collection of records, but whatever. In this particular case, the FISA Court's assessment is likely correct. If it's expected to see this tangled mess the way legislators intended, rather than as a "hyper-literal evil genie," the government is free to collect bulk records for the next six months while transitioning to the new process. Anyone arguing on behalf of the public will just have to wait until the USA Freedom version goes into effect and attack any deficiencies then. As for the appeals court decision, it has very little bearing now that the Section 215 program is on the way to retirement. The passage of USA Freedom now provides for the legal authority needed to continue this collection, which will no longer be in bulk and much more likely to adhere to the Section 1803 provisions.

Sanchez points out an interesting omission -- if it is an omission -- that possibly indicates the government won't even be performing its long-running bulk collection for the next six months. As he notes, no additional order authorizing normal bulk collection has been issued. In the wake of the Snowden leaks, the FISA Court has been pretty punctual with the public release of authorization orders, but there's no order attached to this opinion.

Because the FISC has declined to take the 180-day escape hatch, and because they cannot plausibly invoke the “no brainer” exception, the court does intend to appoint an amicus to brief the question of whether bulk collection can continue during the six month transition window. Since it will take time to find an appropriate party, and there’s no indication of any further bulk order being issued as yet, it seems reasonable to infer that, at present, the bulk program remains suspended. Alternatively, the FISC may have issued a temporary order authorizing resumption of bulk collection for some quite short period, without an opinion, while it looks for an amicus and takes time to consider their arguments.   If they had in fact already issued an opinion and order reauthorizing bulk collection, after all, it would be quite strange to have issued a memorandum opinion dealing only with this narrow question, rather than bundling them all together.

If so, this would be the first time since 2009 that the bulk collection has been suspended for any length of time, which is significant on its own.

Filed Under: amicus, bulk collection, doj, fisa, fisa court, fisc, patriot act, public advocate, reform, usa freedom

DOJ Argues FISC Opinion Preferable To 2nd Circuit Opinion While Defending Ongoing, Unaltered Metadata Collection

from the WE-HEART-FISC dept

The Memorandum of Law the FISA Court ordered the DOJ to make public in response to Ken Cuccinelli/FreedomWorks' challenge to the immediate return of Section 215 "business as usual" following the expiration of the authority at the end of May. (Followed almost immediately thereafter by the passage of the USA Freedom Act, carrying with it a six-month "transitional" collection period.)

In it, the DOJ makes its case for uninterrupted bulk metadata collection, as if the authority a) hadn't been allowed to expire and b) hadn't had its legality challenged by the Second Circuit Court. Right now, it's all a very gray area and the DOJ aims to take advantage of it. Due to the fact the surveillance reform bill didn't pass until after the expiration of the authority, the six-month window granted may theoretically allow for an uninterrupted collection, but it's completely unclear as to what legal authority allows the government to do so -- at least in its present, unaltered form.

The DOJ claims in its late-night FISC filing that the USA Freedom Act itself gives it permission to run an unaltered Section 215 collection for the next six months.

The USA FREEDOM Act authorizes the Government to seek and this Court to issue an order under Section 1861 for the production of tangible things in bulk for 180 days in the same manner as authorized in docket number BR 15-24 and prior related dockets. The USA FREEDOM Act bans the bulk production of tangible things under Section 1861 effective 180 days from its enactment, which is when Sections 101 through 103 take effect. Id.§ 109(a). Its brief lapse notwithstanding, the USA FREEDOM Act also expressly extends the sunset of Section 215 of the USA PATRIOT Act, as amended, until December 15, 2019, id.§ 705(a), and provides that, until the effective date of the amendments made by Sections 101 through 103, it does not alter or eliminate the Government's authority to obtain an order under Section 1861 as in effect prior to the effective date of Sections 101 through 103 of the USA FREEDOM Act. Id.§ 109(b). Because the USA FREEDOM Act extends the sunset for Section 215 and delays the ban on bulk production under Section 1861 until 180 days from its enactment, the Government respectfully submits that it may seek and this Court may issue an order for the bulk production of tangible things under Section 1861 as amended by Section 215 of the USA PATRIOT Act as it did in docket number BR 15-24 and prior related dockets.

As Marcy Wheeler notes, the DOJ has inferred Congressional intent by cherry-picking supporting quotes from representatives.

It cites comments Pat Leahy and Chuck Grassley made on May 22 (without, curiously, quoting either Rand Paul or legislative record from after Mitch McConnell caused the dragnet to lapse) showing that the intent of the bill was to extend the current dragnet.

What really makes the DOJ's memo worth reading is its off-hand dismissal of the Second Circuit Court's finding that the bulk collection is not actually authorized by existing law. It simply states that it finds this court's opinion less likable than the FISA Court's interpretation of this legal authority.

The Second Circuit's recent panel opinion in ACLU v. Clapper, No. 14-42 (2d Cir. May 7, 2015) does not bar this Court from authorizing the production in bulk of call detail records, notwithstanding its holding that Section 1861 does not authorize the bulk production of call detail records. The Government believes that this Court's analysis of Section 215 reflects the better interpretation of the statute, see, e.g., In Re Application of the FBI for an Order Requiring the Production of Tangible Things, docket no. BR 13-109, Amended Mem. Op., 2013 WL 5741573 (FISA Ct. Aug. 29, 2013) (Eagan, J.) and In Re Application of the FBI for an Order Requiring the Production of Tangible Things, docket no. BR 13-158, Mem. (FISA Ct. Oct. 11, 2013) (McLaughlin, J.), disagrees with the Second Circuit panel's opinion, and submits that the request for renewal of the bulk production authority is authorized under the statute as noted above.

In support of this "argument," it cites the FISA Court's own complicity in rubber-stamping order after order for several years in a row.

With respect to application of Section 1861 of FISA, as amended by Section 215 of the USA PATRIOT Act, following careful consideration of the law by nineteen different judges, this Court has authorized the bulk production of call detail records to NSA forty-one times since May 2006.

The DOJ's response to Cuccinelli's challenge has yet to arrive and, obviously, this memorandum was written before the challenge arrived at the FISA Court. But given this filing's dismissal of both the Second Circuit Court's decision and any legal vagueness surrounding the lapse of the Section 215 authority, it's likely its response will be more of the same.

Filed Under: bulk collection, doj, fisa court, fisc, nsa, section 215, surveillance

FISA Court Rubberstamped NSA's Questionable Legal Theories To Grant It Expanded Surveillance Powers

from the well,-Congress-MIGHT-have-said,-'Collect-it-all'-if-it-only-knew-about-a dept

More documents have been yanked out of the NSA's hands, thanks to a New York Times FOIA lawsuit. The documents are from 2007, and they further detail the agency's warrantless surveillance program which swept up not only phone numbers but also email addresses and content. The program wasn't actually legal at the time it rolled out. It took the FISA Amendments Act of 2008 to codify this. In the meantime, the agency used interim legislation (2007's Protect America Act) and some hubris to enhance its haystacking business.

The previously-released FISA order from April of 2007 contains a rare moment of hesitation by a FISA judge (Roger Vinson), who didn't buy the NSA's arguments that a phone number or email address could be a "facility" in and of itself. Rather than use the standard definition of a "facility" -- that being a base of operations -- the NSA chose to read it as an impossible combination of noun and verb. An email address is a "facility" because it "facilitates communications." Vinson wasn't too impressed with this, or the fact that the application didn't contain much in the way of probable cause. As he noted, the NSA's intention was to collect both sets of data in bulk, far from the targeted surveillance it attempted to portray in its application.

The May 2007 order (also by Roger Vinson) shows that the NSA found a way to get its aims accomplished, despite Vinson's reluctance. A "new legal theory" was offered by the agency in an amended application and buttressed by Keith Alexander's declaration that it was all totally legal.

Unfortunately, the order doesn't detail the NSA's legal theory, or at least not in any visible way. Vinson's musings on the NSA's Plan B turns out to be a bunch of wasted typing. His declaration that on the "basis of facts submitted by the applicant, there is probable cause to believe that...:" is followed by four completely redacted pages.

Following that, Vinson authorizes the NSA's "roving, multipoint" surveillance, based on the opinion that Congress would have authorized that (and apparently pretty much anything else it may or may not have conceived of) considering the "Government's national security interests are so great." This rationale again. And again, presented by an agency whose livelihood depends on the depiction of security threats as perennially "great" and everlasting. Vinson also agreed to contact-chaining using these numbers and email addresses as selectors. As a remedy for possibly illegal surveillance, the FISA court offers nothing more than fixes after the fact.

This holding, albeit novel, is consistent with the overall statutory requirements; it requires the Government to report and provide appropriate justification to the Court; and it supplies the Government with a necessary degree of agility and flexibility in tracking the targeted foreign powers. This Court will be able to ultimately determine whether the electronic surveillance was proper.

The FISA court authorizes a rolling 21-day grace period to report on any new numbers/email addresses added to the NSA's collections, from which the FISA judges would determine whether sufficient probable cause exists to continue surveillance. Better than nothing, but still a three-week "free swim" for analysts.

One stipulation stands out, though.

Unconsented physical entry is not authorized to implement the electronic surveillance approved herein.

The NSA isn't known for physically tapping phones or planting bugs (at least not here in the US… and at least not to our knowledge at this point). It's a requirement that does the agency no harm. But the hypothetical question raised by this is: does "unconsented physical entry" cover things like the interception of US tech companies' products in order to insert backdoors and malware? It won't be discussed here because this only deals with the NSA's roving, targeted/bulk surveillance hybrid. But it's something to keep in mind for future document releases.

This order is also added the FBI to the NSA's surveillance CC: list.

Information that is not foreign intelligence information, but reasonably appears to be evidence of a crime that has been, is being, or is about to be committed, may be disseminated (including United States person identities) to the FBI and other appropriate federal law enforcement authorities, in accordance with 50 U.S.C. 1806(b), Executive Order No. 12333…

And so, the domestic surveillance that wasn't (this order -- and past ones -- draws a very clear line between foreign targets and known US persons) becomes a handy tool for domestic surveillance. As the court notes earlier in the order, because of where the communications and data are collected, there's no real way to separate US/non-US data without digging through the collection. When it's discovered, minimization procedures are to apply -- except, apparently, if it can hand the data/communications off to the FBI. (The CIA, on the other hand, gets everything, domestic or foreign, apparently only subject to the NSA's discretion.)

Again, this entire line of surveillance still hadn't been determined to be completely legal. It took the FISA Amendments Act to codify this particular program. Despite that, it was approved anyway, thanks to the NSA's willingness to explore as many legal theories as necessary in order to secure the FISA judge's approval.

That's the problem with these two orders. We don't get to see the NSA's legal wranglings. Those are redacted. And what is actually revealed doesn't explain much. The May 2007 order notes that the NSA's arguments are still on shaky ground and the earlier (and much longer) April order handles the entirety of the agency's legal discussions on its contact-chaining of unrelated "facilities" in a single paragraph.

In this case, the Government has also asked for specific authority to acquire certain electronic communications that relate to or refer to an e-mail [redacted] that is targeted for surveillance under this Order. For example, the Government argues that it should be allowed to acquire any e-mail communication that mentions a targeted e-mail [redacted] even though the communication is to and from other e-mail [redacted] not currently under electronic surveillance. After careful consideration of the Government's arguments, the Court holds that, in the limited and carefully considered circumstances described below, there is probable cause to believe that internet communications relating to a previously targeted e-mail [redacted] are themselves being sent and/or received by one of the targeted foreign powers, and thus those communications may be acquired by the NSA.

And there goes any hope that the collection would be targeted. Simply mentioning a targeted email in the body of an email message is enough "probable cause" for the FISA court, which goes on to note that it's perfectly OK (in the search for supporting probable cause) for the agency to read nearly any communication that crosses its desk, provided it's within a step or two of its selectors.

The NSA didn't get to where it is today overnight. It took a decade of legal wrangling and the steadfast assertion that the terrorist threat to the US is just as strong as it was September 10, 2001. With the assistance of obliging courts and sympathetic legislators, the NSA has become a data and communications behemoth, sucking in vast quantities of both from all over the world.

Filed Under: fisa, fisa court, fisc, nsa, surveillance

FISA Judge To Yahoo: If US Citizens Don't Know They're Being Surveilled, There's No Harm

from the so,-more-of-the-same,-except-retroactively? dept

A legal battle between Yahoo and the government over the Protect America Act took place in 2008, but details (forced from the government's Top Secret file folders by FISA Judge Reggie Walton) are only emerging now. A total of 1,500 pages will eventually make their way into the public domain once redactions have been applied. The most recent release is a transcript [pdf link] of oral arguments presented by Yahoo's counsel (Mark Zwillinger) and the US Solicitor General (Gregory Garre).

Zwillinger opens up the arguments by questioning the government's methods of determining who should be placed under surveillance.

Why I show this to you is because I think it's a perfectly fair question for you to ask the Solicitor General of the United States how a name gets on this list. This isn't reviewed by a -- the FISA Court. These names aren't reviewed by the Attorney General of the United States. The difference between surveilling an account and exposing someone's most private communications and not is how a name gets on this list; and all we know about it from page 47 of their brief, is that an intelligence analyst puts it on the list.

From this arbitrary beginning springs a wealth of errors.

[REDACTED] of the accounts we have been given do not exist. They aren't accounts at Yahoo. Whether the government is misinformed, or using stale information, we don't know; But the fact that [REDACTED] accounts do not exist raises a serious possibility that some of those accounts have already been recycled and are used by other Yahoo users, or that the information that the government has is just wrong, and the wrong is being placed under surveillance.

Zwillinger points out that Yahoo is just one provider and yet has (the number is redacted, but is at least 4 digits with a comma) a large number of accounts under surveillance. He then refers to the multiple errors again, stating that when the government screws up, it's very likely that American citizens will be mistakenly placed under surveillance.

The difference between a U.S. person and a non-U.S. person in this context could be a letter or a digit in an email address; and if they have it wrong, the consequences will likely be felt here, because more Yahoo users are from the United States than any other single country.

The judges claim minimization procedures eliminate the problem of inadvertent collections, but Zwillinger points out that the surveillance carried out under the Protect America Act actually doesn't contain protections against use of wrongly swept up US persons' communications and data.

The government's response begins by denying that US persons' data is retained. "There is no database," says Gregory Garre, before having to admit a few sentences later, that incidental data is retained (and distributed) if there is evidence of other, non-national-security-related criminal activity.

Garre then goes on to explain why the government feels it should have warrantless access to US persons' communications, routed through and stored at US servers. He refers to satellite communications -- something in use when FISA was enacted in 1978. Garre says that even though these communications may have been captured by domestic satellite receivers, it's the point of origin that matters. Outside the US? No warrant needed, even for US persons. Likewise for emails stored on Yahoo servers.

MR. GARRE: I don't think anybody would argue that the Fourth Amendment would apply to that communication, even though the email communications go to account in Sunnyvale, California. I haven't understood Yahoo to argue that the Fourth Amendment would be implicated by that.

And, similarly, the Fourth Amendment isn't --

JUSTICE SELYA: You mean the interception there by you and Yahoo would not implicate the Fourth Amendment?

MR. GARRE: That Certainly would be the government's view.

Garre also blames the large number of dead accounts in the court orders on Yahoo's refusal to immediately comply, while simultaneously spinning it as the unavoidable collateral damage of "efficient" surveillance.

So the fact that accounts have been closed is not significant, and that's particularly true given that the large number of email accounts here is reflected by the fact that Yahoo is in noncompliance for several months. So, if you go back several months, it's not surprising that several accounts have been closed.

Garre asserts that if anyone deserves the benefit of a doubt in this situation, it's the US government. He states that the Executive Branch and the intelligence community have a long-standing history of not violating the rights of US citizens -- a statement that wasn't even mostly true prior to the 9/11 attacks, and is almost laughable in the wake of what's been uncovered since then. He also points to Congressional oversight and suggests its legislative powers would have been used to rein in the NSA and others if it had actually seen signs of abuse.

In his rebuttal, Zwillinger punches holes in Garre's narrative.

You know, the Solicitor General talks about Congress spoke here, but to the extent Congress has spoken, then they turn around and admit they misspoke. And now they have a Senate report that says we failed to provide adequate protections for U.S. persons, and we are going to pass new legislation. They intentionally let the Protect America Act lapse. So to the extent congressional oversight even exists after February 16, 2008, which I'm not sure it does, it provides no check. Congress can't do anything differently. The statute has passed. The directives continue all the way until the expiration date, but the statute doesn't exist any more. It's not Congress's current view of how surveillance should he conducted.

But the most surprising assertions made in these oral arguments don't come from the Solicitor General. They come from Judge Morris S. Arnold, who shows something nearing disdain for the privacy of the American public and their Fourth Amendment rights.

In the first few pages of the oral arguments, while discussing whether or not secret surveillance actually harms US citizens (or the companies forced to comply with government orders), Arnold pulls a complete Mike Rogers:

If this order is enforced and it's secret, how can you be hurt? The people don't know that -- that they're being monitored in some way. How can you be harmed by it? I mean, what's --what's the -- what's your -- what's the damage to your consumer?

By the same logic, all sorts of secret surveillance would be OK -- like watching your neighbor's wife undress through the window, or placing a hidden camera in the restroom -- as long as the surveilled party is never made aware of it. If you don't know it's happening, then there's nothing wrong with it. Right? [h/t to Alex Stamos]

In the next astounding quote, Arnold makes the case that the Fourth Amendment doesn't stipulate the use of warrants for searches because it's not written right up on top in bold caps… or something.

The whole thrust of the development of Fourth Amendment law has sort of emphasized the watchdog function of the judiciary. If you just look at the Fourth Amendment, there's nothing in there that really says that a warrant is usually required. It doesn't say that at all, and the warrant clause is at the bottom end of the Fourth Amendment, and -- but that's the way -- that's the way it has been interpreted.

What's standing between US citizens and unconstitutional acts by their government is a very thin wall indeed.

Filed Under: fisa court, fisc, gregory garre, mark zwillinger, morris arnold, nsa, paa, prism, protect america act, section 702, surveillance
Companies: yahoo

Yahoo Threatened With A Secret $250,000 Per Day Fine If It Didn't Comply With NSA PRISM Demands

from the how-do-you-explain-that-one? dept

Back in 2013, a week after the whole PRISM program was first revealed thanks to Ed Snowden's leaks, it was then revealed that Yahoo had fought a secret legal battle against the program, based on a predecessor to the FISA Amendments Act of 2008 called the Protect America Act of 2007. Yahoo took this fight to the FISA court and then lost. The company was ordered to begin handing over information, even though the company believed the requests were unconstitutional. Late yesterday, Yahoo noted that the FISA Court was finally declassifying many of the documents from that legal fight. James Clapper's office quickly provided its spin on the 1,500 pages worth of documents in the fight. We're digging through all the documents and will likely have more to say once we've had a chance to read through them more carefully.

However, we wanted to comment briefly on the story that's already been making the rounds -- which was called out by Yahoo in its announcement about this. And it's that the government threatened Yahoo with a $250,000 per day fine for refusing to comply with the demands to turn over the information. That specific threat can be seen in the government's motion for an order of civil contempt, after Yahoo sought to appeal the original decision against Yahoo. Yahoo asked for a stay of the original ruling while it appealed, but the government insisted that the court should not allow a stay and should order Yahoo to hand over the data or pay the $250,000 per day fine -- which even the government refers to as a "coercive fine."

$250,000 per day is a lot. Yes, that number can add up pretty quickly, but the truly stunning thing about all of this is that you have to remember all of this was done in total secrecy (it's only come out now, about seven years after it happened). As a company making billions, perhaps it would be able to hide millions of dollars in fines, but somewhere along the line it would have had to have raised alarm bells from someone -- whether an accountant for the company or even someone on the board, wondering why giant chunks of money were going to the government based on absolutely no explanation. And making it even more bizarre is that almost no one in the company itself would have even been allowed to know what was going on. While it never actually got to that point, imagine the financial mess such a secret fine from a secret court would cause.

FISA Court judge Reggie Walton denied Yahoo's request for the stay, meaning Yahoo would likely have been found in contempt if it didn't start handing over data. Thus, even though the company was still trying to appeal the decision (unsuccessfully), it was forced to start handing over the data anyway.

There are so many things wrong (and seemingly unconstitutional) in this entire setup -- and I'm sure we'll have more to say on it after we've gone through the documents. But what kind of constitutional democracy are we living in when this kind of thing is considered to be perfectly acceptable by those in power?

Filed Under: 4th amendment, doj, fisa amendments act, fisa court, fisc, nsa, prism, protect america act, surveillance
Companies: yahoo

FISA Court Twists PATRIOT Act To Pretend It's Okay To Spy On Americans Based On Their Constitutionally Protected Speech

from the that's-a-problem dept

We've written before about how it appears that the DOJ/FBI and NSA have conducted surveillance on Americans almost entirely based on First Amendment-protected activities. Whenever that issue comes up, the Intelligence Community and its defenders insist no way, that they take the prohibition on surveillance over First Amendment protected activities seriously. Section 215 of the Patriot Act is rather explicit:

the Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution.

Seems clear, right? But, of course, what seems clear in the statute and how the intelligence community and the rubber-stamping FISA Court will view things often seem to differ by a wide margin. The FISA court has now released yet another heavily redacted opinion, given by Judge John Bates, concerning just such a request. You may recall Judge John Bates from his recent letters in which he pretends to represent the entire judiciary, in fighting back against any attempt to limit the NSA and the FISA Court's ability to spy on American people. Bates seems absolutely sure that doing so will let the terrorists win, which gives you a glimpse into his mindset.

Thus, while depressing, it shouldn't be too surprising to find out that when a Section 215 request came to him concerning activity of a US person that was entirely protected by the First Amendment, Bates figured out a way to give the FBI the go ahead to spy on the person anyway. Because terrorism.

While heavily redacted, it seems clear that Judge Bates admits that the nameless person the FBI wishes to spy on didn't do anything that went outside of First Amendment protected speech: Okay then, so all of the activities of this US person are clearly protected under the First Amendment. The law is pretty clear that the FISA Court then cannot grant the power to collect that individual's records. But... Judge Bates is deathly afraid of terrorism, so surely there must be a way to massage things to come up with a reason why it's okay, despite what the law clearly says. So Bates comes up with a neat little trick. He says, sure, the person of interest may only be engaged in protected speech, but some other guy (a non-American, and thus not protected by the First Amendment) is engaged in non-protected speech, and because of the actions of that other guy, the FISA Court will grant the ability for the FBI to slurp up the American's records and data. Because of the redactions, this part is a little more difficult to parse, but it's pretty clearly saying that even though the US person who is the subject of this surveillance request did nothing other than Constitutionally protected speech, because some other person who is not in the US and not directly associated with the party in question, has some evidence of terrorist activity, that makes it okay to spy on the US person.

As law professor Jennifer Granick notes in the link above, this is an extremely troubling interpretation of Section 215, basically allowing the FISA Court to ignore the prohibition on spying on people because of their Constitutionally protected speech, so long as it's somehow a part of a larger terrorism investigation.

The statute prohibits the FBI from investigating law abiding Americans unless their own conduct fell outside of the First Amendment, regardless of the conduct of other people related to the investigation. I think most people, when they cite that statutory language, believe it means that Americans won’t be subjects of terrorism investigations for the First Amendment protected things they say or do.

They would be wrong. Judge Bates’ alternate interpretation allows for Americans exercising only constitutional protected rights to nevertheless be investigated under section 215 so long as there’s an independent, constitutionally unprotected basis for the overarching terrorism investigation.

The takeaway is, Americans are being investigated for their First Amendment protected activity, so long as someone’s else’s related conduct is not protected, even where the relationship between the American and the other party is too attenuated to support suspicion of aiding and abetting or conspiracy.

That is an immensely troubling interpretation of the law, one that appears to run counter to the plain wording of the law, as well as the basic concept of both the First and Fourth Amendments of the Constitution. No freaking wonder Judge Bates has been so adamant against having any sort of civil liberties advocate reviewing and challenging his decisions within the FISC.

Filed Under: doj, fbi, first amendment, fisa court, fisc, free speech, john bates, nsa, patriot act, section 215, surveillance, terrorism